PT-2017-3921 · Oracle+7 · Mysql Server+6

Publicado

2017-10-17

·

Atualizado

2023-12-29

·

CVE-2017-10268

CVSS v2.0

4.4

Média

VetorAV:L/AC:M/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions Oracle MySQL versions 5.5.57 and earlier Oracle MySQL versions 5.6.37 and earlier Oracle MySQL versions 5.7.19 and earlier
Description The issue is related to the MySQL Server component, specifically the Server: Replication subcomponent. It allows a high-privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server, potentially resulting in unauthorized access to critical data or complete access to all MySQL Server accessible data. The vulnerability is difficult to exploit and requires high privileges.
Recommendations For versions 5.5.57 and earlier, update to a version later than 5.5.57 to resolve the issue. For versions 5.6.37 and earlier, update to a version later than 5.6.37 to resolve the issue. For versions 5.7.19 and earlier, update to a version later than 5.7.19 to resolve the issue. As a temporary workaround, consider restricting access to the MySQL Server to minimize the risk of exploitation.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

ALT-PU-2017-2768
ALT-PU-2018-1647
ALT-PU-2018-2387
ALT-PU-2018-2496
BDU:2020-00675
CESA-2018_2439
CVE-2017-10268
DLA-1141-1
DLA-1407-1
DSA-4002-1
DSA-4341-1
MGASA-2017-0461
OPENSUSE-SU-2017_2868-1
RHSA-2017:3265
RHSA-2017:3442
RHSA-2018:0279
RHSA-2018:0574
RHSA-2018:2439
RHSA-2018_2439
RHSA-2019:1258
SUSE-RU-2023:3956-1
SUSE-RU-2023:4991-1
SUSE-SU-2017:2996-1
SUSE-SU-2017_2996-1
SUSE-SU-2018:0384-1
SUSE-SU-2018:0698-1
SUSE-SU-2018:1853-1
SUSE-SU-2018_0384-1
SUSE-SU-2018_0698-1
USN-3459-1
USN-3459-2

Produtos afetados

Alt Linux
Centos
Mariadb Server
Mysql Server
Red Hat
Suse
Ubuntu